[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Security flaw: subversion stores passwords by default

From: Les Mikesell <lesmikesell_at_gmail.com>
Date: Thu, 20 Mar 2008 16:13:50 -0500

Karl Fogel wrote:
>> Currently svn provides both choices - it will store the password for
>> you or you can choose to not store as well. But we could look at his
>> argument as to keep the same two choices, but just make the default to
>> not store the password. The config parameter can be changed by users
>> if they wish to (to make store-passwords to 'yes' to make it store the
>> password).
> Sure. But we had this discussion years ago; we didn't just flip a coin
> to choose the current way, we really hashed out the pros and cons.
> (Hadmut may not have realized that, of course, since it was a long time
> ago.)

What does firefox do when you check the 'remember this password' box -
and can you use whatever library/api they use?

    Les Mikesell
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-03-20 22:10:47 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.